/**     
* @Title: HomeController.java   
* @Package me.security.example.controller   
* @Description: TODO   
* @author xaoyaoyao
* @date 2017年8月23日 下午1:44:02
*/
package me.security.example.controller;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import me.security.example.domain.SysUser;
import me.security.example.service.UserService;

/**
 * @ClassName: HomeController
 * @Description: TODO
 * @author xaoyaoyao
 * @date 2017年8月23日 下午1:44:02
 * 
 */
@Controller
@RequestMapping("/users")
public class HomeController {

	@Autowired
	UserService userService;

	@RequestMapping(value = "list", method = RequestMethod.GET)
	@ResponseBody
	public String getUsers() {
		return "getUsers";
	}

	// 此方法只允许 ROLE_ADMIN 和ROLE_USER 角色 访问
	@Secured({ "ROLE_ADMIN", "ROLE_USER" })
	@RequestMapping(value = "save", method = RequestMethod.POST)
	@ResponseBody
	public Object save(@RequestBody SysUser user) {
		if (null == user || StringUtils.isEmpty(user.getUsername()) || StringUtils.isEmpty(user.getRawPassword())) {
			return "error";
		}
		return userService.create(user);
	}

	// 此方法只允许 ROLE_ADMIN 角色访问
	@Secured("ROLE_ADMIN")
	@RequestMapping(value = "update", method = RequestMethod.PUT)
	@ResponseBody
	public String update() {
		return "updateUser";
	}

	// 此方法只允许 ROLE_ADMIN 角色访问
	@Secured("ROLE_ADMIN")
	@RequestMapping(value = "delete", method = RequestMethod.DELETE)
	@ResponseBody
	public String delete() {
		return "deleteUser";
	}
}
